WIRESHARK LAB EXERCISE

OBJECTIVE

In telecommunication engineering, a good understanding of each data segment, packet, and frame generated by computers is essential. This knowledge helps engineers design new systems, optimize existing systems, and fix bugs. Various applications can analyze these data flows; Wireshark is a popular, feature-rich open-source one. The objective of this lab session is to introduce the software and teach the basic functionality of Wireshark.

EQUIPMENT YOU NEED

• Wireshark 4.0.0 or later installed.

PART 1: SNIFFING OWN COMPUTER TRAFFIC

In this part of the lab session, you will use Wireshark to monitor network layer traffic. Wireshark will capture all data transmitted between your personal computer and the router. During this exercise, you will learn to capture network layer traffic and analyze it with basic Wireshark features.

TASK 1.1

Start the Wireshark application, choose the interface to capture on, and start sniffing. While Wireshark sniffs data in the background, do the following:

1. Visit www.google.com using your browser.
2. Ping www.youtube.com using the CMD/Terminal.
3. Visit http://testhtml5.vulnweb.com and click on Login. Then use a random username and password to log in.

IMPORTANT: Do not use an actual username/password for the above task. Enter a random credential.

Now you can stop sniffing. Save your sniffed packets using your index. (task1_xxxxxx.pcap)

TASK 1.2

1. Using the captured trace, find the IP address of the Google server.
   IP Address: 74.125.18.103
2. Save the specific single packet you used to find the IP address using your index. (google_ip_xxxxxx.pcap)
3. Filter out the packets related to the ping operation and save only those packets using your index. (ping_xxxxxx.pcap) [ICMP protocol]
4. State the time when the last ping response arrived.
   Time: Apr 6, 2023 14:18:38.961610000 +0530
5. You entered credentials to vulnweb in Task 1.1. Usually these credentials are passed using the POST method. State the filter you would use to narrow down the traffic to only HTTP packets which have POST requests.
   Display Filter: http.request.method == POST
6. Find the credentials you entered in the captured packets. Get a screenshot of the way you found the credentials.
7. Use a conversation filter to filter all the traffic between you and vulnweb and save only those packets using your index. (vulnweb_xxxxxx.pcap)

TASK 1.3

In practical situations and in industry, it may not be feasible to capture all data transmitted through the router, due to factors such as large file size or personal data privacy concerns. These limitations may have become apparent during the preceding two tasks. Wireshark addresses this issue with capture filters.

NOTE: You can use the telnet command in the format below to connect to a server at a specific port.

    telnet <IP> <PORT>

1. Use a capture filter to capture only the packets sent to port 443 and start sniffing data.
   Capture filter: port 443
2. Use telnet to connect to your router at port 443.
3. Filter out the packets related to this event. Get a screenshot of the filtered data and explain the packets you see in Wireshark.
   Screenshot of the traffic:
   Explanation: Ack 1 means acknowledged.
4. Use telnet to connect to <IP> at port 443 and repeat step 3.
   Screenshot of the traffic:
   Explanation:

PART 2: USE PORT MIRRORING TO CAPTURE ROUTER DATA

Following Part 1, you will now use the knowledge gained to examine a larger data trace. This trace was obtained using port mirroring, which enables the capture of all traffic flowing through the router.

TASK 2.1

Use ARP packets to get the MAC addresses of the following IP addresses.

IP address       MAC address
192.168.1.1      14:CC:20:51:33:ea
192.168.1.249    00:16:6c:a1:66:88
192.168.1.166    00:24:24:11:18:98

TASK 2.2

Use Wireshark statistics to answer the following questions.

1. What percentage of packets use IPv4?
   Percentage: 85.4%
2. What percentage of packets are ARP?
   Percentage: 11.7%
3. Insert a screenshot of the flow graph between 192.168.1.223 and 192.168.1.193.
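
The answers to Task 2.1 and the first two questions of Task 2.2 can be cross-checked outside the Wireshark GUI. The following is an added example, not part of the original lab sheet: it reads a classic pcap file with the Python standard library, builds the IP-to-MAC table from ARP sender fields, and computes the share of frames per protocol. It assumes an Ethernet capture saved as pcap (not pcapng); the sample capture and its MAC addresses are constructed for the example.

```python
import struct

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}

def frames(pcap):
    """Yield Ethernet frames from the bytes of a classic pcap file (not pcapng)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    pos = 24  # the global header is 24 bytes, each record header 16 bytes
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        if len(frame) < incl_len:
            break  # last record is truncated
        yield frame
        pos += 16 + incl_len

def analyse(pcap):
    """Return ({ip: mac} learned from ARP senders, {protocol: percent of frames})."""
    arp, counts = {}, {}
    for frame in frames(pcap):
        if len(frame) < 14:
            continue  # runt frame, no complete Ethernet header
        ethertype = struct.unpack("!H", frame[12:14])[0]  # VLAN tags not unwrapped
        name = ETHERTYPES.get(ethertype, "other")
        counts[name] = counts.get(name, 0) + 1
        # ARP for Ethernet/IPv4: sender MAC at bytes 22-27, sender IP at 28-31
        if name == "ARP" and frame[14:20] == b"\x00\x01\x08\x00\x06\x04" and len(frame) >= 42:
            ip = ".".join(str(b) for b in frame[28:32])
            if ip != "0.0.0.0":  # ARP probes carry no sender address
                arp[ip] = ":".join(f"{b:02x}" for b in frame[22:28])
    total = sum(counts.values())
    return arp, {k: round(100 * v / total, 1) for k, v in counts.items()}

def sample_pcap():
    """Constructed capture: two ARP replies and two IPv4 frames, made-up MACs."""
    def arp_reply(mac, ip):
        sha, spa = bytes.fromhex(mac.replace(":", "")), bytes(map(int, ip.split(".")))
        return (b"\xff" * 6 + sha + b"\x08\x06" + b"\x00\x01\x08\x00\x06\x04\x00\x02"
                + sha + spa + b"\x00" * 6 + spa)
    ipv4 = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + b"\x45" + b"\x00" * 19
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (arp_reply("02:00:00:00:00:01", "192.168.1.1"), ipv4,
              arp_reply("02:00:00:00:00:f9", "192.168.1.249"), ipv4):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

To run it on a real trace, pass the file contents, for example analyse(open("trace.pcap", "rb").read()), where trace.pcap is a placeholder name. If an IP address shows more than one MAC across the capture, only the last one seen is kept.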